Reset multifactor authentication

Resets the multifactor authentication (MFA) of a user account. This request can reset all secondary authentication methods in Microsoft 365, and authenticator apps activated for Adaxes web interface and password self-service.

POST ~/api/directoryObjects/resetMfa

Request parameters

This request has no parameters.

Request headers

Name
Required
Description
Adm-Authorization
True
Specify an access token.
Content-Type
True
Use application/json as the value of this header.

Request body

The request body is a JSON object with the following data structure:

{
    "directoryObject": "<objectId>",
    "resetInM365": <true|false>,
    "appsInAdaxesToReset": [
        <AuthApp1>,
        <AuthApp2>,
        ...
    ]
}

directoryObject `string`

The identifier of the user account whose MFA to reset. You can use:

Distinguished name (DN)

# Example
CN=John Smith,CN=Users,DC=example,DC=com

Globally unique identifier (GUID)

# Example
7a4267ce-d354-44e7-8bd6-c681f1284a41

Security identifier (SID)

# Example
S-1-5-21-3635565734-1729062999-1822655016-1627

resetInM365 `bool`, `optional`

Set to true to reset MFA in Microsoft 365. Set to false or omit this parameter to leave it unchanged.

appsInAdaxesToReset `AuthApps array`, `optional`

Specify which authenticator apps should be reset for the Adaxes web interface and password self-service. To leave Adaxes MFA unchanged, either omit this parameter or set it to an empty array.

Show possible enum values

Google       = 0,    // Google Authenticator
Authy        = 1,    // Authy
Microsoft    = 2,    // Microsoft Authenticator
Okta         = 3,    // Okta Verify
OneLogin     = 4,    // OneLogin Protect
Duo          = 5,    // Duo Mobile
Auth0        = 6     // Auth0 Guardian

To identify which apps a user has activated, you can use the Get multifactor authentication status request.

Responses

If successful, returns 200 OK status code and an operation result in the response body. Otherwise, returns one of the common HTTP error codes and an error description in the response body.

Examples

Example 1 – Reset user's MFA in Microsoft 365

The following code sample resets all secondary authentication methods in Microsoft 365 for the user John Smith.

Request

PowerShell

$baseUrl = "https://host.example.com/restApi"
$endpoint = "/api/directoryObjects/resetMfa"

# Request parameters
$requestUrl = $baseUrl + $endpoint
$requestHeaders = @{"Adm-Authorization" = YOUR-ACCESS-TOKEN}
$requestBody = ConvertTo-Json @{
    "directoryObject" = "CN=John Smith,CN=Users,DC=example,DC=com";
    "resetInM365" = $true
} 

# Make request
Invoke-RestMethod -Method POST -Headers $requestHeaders -Uri $requestUrl `
    -Body $requestBody -ContentType "application/json"

C#

using System;
using System.Text;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {   
        const string baseUrl = "https://host.example.com/restApi";
        const string endpoint = "/api/directoryObjects/resetMfa";

        // Create JSON request body
        string jsonRequest = @"
        {
            ""directoryObject"": ""CN=John Smith,CN=Users,DC=example,DC=com"",
            ""resetInM365"": true
        }";
        StringContent requestBody = new(jsonRequest, Encoding.UTF8, "application/json");

        // Initialize HTTP client
        using HttpClient client = new();
        client.DefaultRequestHeaders.Add("Adm-Authorization", YOUR-ACCESS-TOKEN);

        // Make request
        HttpResponseMessage response = await client.PostAsync(baseUrl + endpoint, requestBody);
        string responseBody = response.Content.ReadAsStringAsync().Result;
        Console.WriteLine(responseBody);
    }
}

cURL

curl  --header 'Adm-Authorization: YOUR-ACCESS-TOKEN' \
--header 'Content-Type: application/json' \
--request POST 'https://host.example.com/restApi/api/directoryObjects/resetMfa' \
--data-raw '{
    "directoryObject": "CN=John Smith,CN=Users,DC=example,DC=com",
    "resetInM365": true
}'

node.js

async function resetMfa() {
    // Request parameters
    const baseUrl = "https://host.example.com/restapi";
    const endpoint = "/api/directoryObjects/resetMfa";
    const requestPath = `${baseUrl}${endpoint}`;

    // Create JSON request body
    const requestBody = {
        directoryObject: "CN=John Smith,CN=Users,DC=example,DC=com",
        resetInM365: true
    };

    // Make request
    const response = await fetch(requestPath, {
        method: "POST",
        headers: {
            "Adm-Authorization": "YOUR-ACCESS-TOKEN",
            "Content-Type": "application/json"
        },
        body: JSON.stringify(requestBody)
    });

    if (!response.ok) {
        throw new Error(`Request failed with status ${response.status}`);
    }

    const result = await response.json();
    console.log(result);
}

resetMfa();

Python

import requests
import json

baseUrl = "https://host.example.com/restApi"
endpoint = "/api/directoryObjects/resetMfa"

# Request parameters
requestUrl = baseUrl + endpoint
requestHeaders = {"Adm-Authorization": YOUR-ACCESS-TOKEN}
requestBody = {
    "directoryObject": "CN=John Smith,CN=Users,DC=example,DC=com",
    "resetInM365": True
}

# Make request
request = requests.post(requestUrl, headers=requestHeaders, json=requestBody)
response = json.loads(request.content)
print(response)

Response

HTTP Status code: 200 OK
Response body:

{
    "resultType": 0,
    "innerMessages": [],
    "exception": null,
    "actualObjectDN": "CN=John Smith,CN=Users,DC=example,DC=com",
    "noChanges": false,
    "extraInfo": {}
}

Example 2 – Reset user's Google Authenticator and Okta Verify apps activated in Adaxes

The following code sample resets the Google Authenticator and Okta Verify apps activated by the user for Adaxes web interface and/or password self-service.

Request

PowerShell

$baseUrl = "https://host.example.com/restApi"
$endpoint = "/api/directoryObjects/resetMfa"

# Request parameters
$requestUrl = $baseUrl + $endpoint
$requestHeaders = @{"Adm-Authorization" = YOUR-ACCESS-TOKEN}
$requestBody = ConvertTo-Json @{
    "directoryObject" = "CN=John Smith,CN=Users,DC=example,DC=com";
    "appsInAdaxesToReset" = @("Google", "Okta")
} 

# Make request
Invoke-RestMethod -Method POST -Headers $requestHeaders -Uri $requestUrl `
    -Body $requestBody -ContentType "application/json"

C#

using System;
using System.Text;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {   
        const string baseUrl = "https://host.example.com/restApi";
        const string endpoint = "/api/directoryObjects/resetMfa";
        
        // Create JSON request body
        string jsonRequest = @"
        {
            ""directoryObject"": ""CN=John Smith,CN=Users,DC=example,DC=com"",
            ""appsInAdaxesToReset"": [""Google"", ""Okta""]
        }";
        StringContent requestBody = new(jsonRequest, Encoding.UTF8, "application/json");

        // Initialize HTTP client
        using HttpClient client = new();
        client.DefaultRequestHeaders.Add("Adm-Authorization", YOUR-ACCESS-TOKEN);

        // Make request
        HttpResponseMessage response = await client.PostAsync(baseUrl + endpoint, requestBody);
        string responseBody = response.Content.ReadAsStringAsync().Result;
        Console.WriteLine(responseBody);
    }
}

cURL

curl  --header 'Adm-Authorization: YOUR-ACCESS-TOKEN' \
--header 'Content-Type: application/json' \
--request POST 'https://host.example.com/restApi/api/directoryObjects/resetMfa' \
--data-raw '{
    "directoryObject": "CN=John Smith,CN=Users,DC=example,DC=com",
    "appsInAdaxesToReset": ["Google", "Okta"]
}'

node.js

async function resetMfa() {
    // Request parameters
    const baseUrl = "https://host.example.com/restapi";
    const endpoint = "/api/directoryObjects/resetMfa";
    const requestPath = `${baseUrl}${endpoint}`;

    // Create JSON request body
    const requestBody = {
        directoryObject: "CN=John Smith,CN=Users,DC=example,DC=com",
        appsInAdaxesToReset: ["Google", "Okta"]
    };

    // Make request
    const response = await fetch(requestPath, {
        method: "POST",
        headers: {
            "Adm-Authorization": "YOUR-ACCESS-TOKEN",
            "Content-Type": "application/json"
        },
        body: JSON.stringify(requestBody)
    });

    if (!response.ok) {
        throw new Error(`Request failed with status ${response.status}`);
    }

    const result = await response.json();
    console.log(result);
}

resetMfa();

Python

import requests
import json

baseUrl = "https://host.example.com/restApi"
endpoint = "/api/directoryObjects/resetMfa"

# Request parameters
requestUrl = baseUrl + endpoint
requestHeaders = {"Adm-Authorization": YOUR-ACCESS-TOKEN}
requestBody = {
    "directoryObject": "CN=John Smith,CN=Users,DC=example,DC=com",
    "appsInAdaxesToReset": ["Google", "Okta"]
}

# Make request
request = requests.post(requestUrl, headers=requestHeaders, json=requestBody)
response = json.loads(request.content)
print(response)

Response

HTTP Status code: 200 OK
Response body:

{
    "resultType": 0,
    "innerMessages": [],
    "exception": null,
    "actualObjectDN": "CN=John Smith,CN=Users,DC=example,DC=com",
    "noChanges": false,
    "extraInfo": {}
}

Reset multifactor authentication

Request parameters

Request headers

Request body

directoryObject string

resetInM365 bool, optional

appsInAdaxesToReset AuthApps array, optional

Responses

Examples

Request

Response

Request

Response

See also

directoryObject `string`

resetInM365 `bool`, `optional`

appsInAdaxesToReset `AuthApps array`, `optional`